AD bit handling when doing validation.

795501bc · Simon Kelley · c2207688 · 795501bc
Commit 795501bc authored Jan 08, 2014 by Simon Kelley
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 7 deletions

src/forward.c src/forward.c +3 -7

No files found.
--- a/src/forward.c
+++ b/src/forward.c
@@ -461,7 +461,6 @@ static size_t process_reply(struct dns_header *header, time_t now, struct server
  char **sets = 0;
  int munged = 0, is_sign;
  size_t plen; 
-  int squash_ad = 0;

 #ifdef HAVE_IPSET
  /* Similar algorithm to search_servers. */
@@ -506,19 +505,16 @@ static size_t process_reply(struct dns_header *header, time_t now, struct server
      
  /* RFC 4035 sect 4.6 para 3 */
  if (!is_sign && !option_bool(OPT_DNSSEC_PROXY))
-    squash_ad = 1;
+     header->hb4 &= ~HB4_AD;
  
 #ifdef HAVE_DNSSEC
  if (option_bool(OPT_DNSSEC_VALID))
-    squash_ad = no_cache;
-
+    header->hb4 &= ~HB4_AD;
+  
  if (cache_secure)
    header->hb4 |= HB4_AD;
 #endif
  
-  if (squash_ad)
-    header->hb4 &= ~HB4_AD;
-  
  if (OPCODE(header) != QUERY || (RCODE(header) != NOERROR && RCODE(header) != NXDOMAIN))
    return n;